On Gentoo Hardened with PaX, www-client/opera crashes because the ebuild doesn't mark it with the "disable MPROTECT" flag. This flag needs to be disabled because Opera uses a JIT for JavaScript, so it needs to mark some data regions to be executable. To fix it, pax-utils needs to be inherited in the ebuild: inherit eutils multilib pax-utils And pax-mark needs to be used at the end of src_install, as follows: pax-mark m "${D}usr/lib/opera/opera" pax-mark m "${D}usr/lib/opera/operaplugincleaner" pax-mark m "${D}usr/lib/opera/operapluginwrapper" Reproducible: Always Steps to Reproduce: 1.Install www-client/opera on Gentoo Hardened with PaX. 2.Open opera. 3.Try to navigate to any website. Actual Results: Opera crashes. Expected Results: Opera should load the website.
I'm trying to get this into a new opera ebuild, but I wonder what happens if `pax-mark *' is run on a non-hardened system. Looking at the code in pax-utils.eclass, it looks like on a non-hardened system it would end up running either scanelf uselessly, or failing.
Or should I assume that on non-hardened, this is always true?: pax-utils.eclass, line 135: [[ ${PAX_MARKINGS} != "none" ]]
OK, tested on non-hardened, it seems it doesn't do anything disruptive. That's into CVS revision 1.2 of =www-client/opera-11.00.1156. Thank you for reporting. (Please reopen this bug report if it doesn't work on hardened as intended.)
It would appear that <opera:config#Extensions|EcmaScriptJIT> allows you to disable the JIT compiler - maybe that's of interest to hardened users.